gateway/gcs: send proper error responses for Get/SetBucket policies. (#4338)
Fixes #4323
parent
5d602034ea
commit
91c7bb65c5
@ -70,7 +70,6 @@ func (l *gcsGateway) AnonGetObjectInfo(bucket string, object string) (objInfo Ob
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
fmt.Println(resp.StatusCode)
|
||||
return objInfo, gcsToObjectError(traceError(anonErrToObjectErr(resp.StatusCode, bucket, object)), bucket, object)
|
||||
}
|
||||
|
||||
|
@ -873,27 +873,21 @@ func (l *gcsGateway) SetBucketPolicies(bucket string, policyInfo policy.BucketAc
|
||||
}
|
||||
|
||||
acl := l.client.Bucket(bucket).ACL()
|
||||
|
||||
if policies[0].Policy == policy.BucketPolicyNone {
|
||||
if err := acl.Delete(l.ctx, storage.AllUsers); err != nil {
|
||||
return gcsToObjectError(traceError(err), bucket)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
role := storage.RoleReader
|
||||
|
||||
var role storage.ACLRole
|
||||
switch policies[0].Policy {
|
||||
case policy.BucketPolicyReadOnly:
|
||||
role = storage.RoleReader
|
||||
case policy.BucketPolicyWriteOnly:
|
||||
role = storage.RoleWriter
|
||||
case policy.BucketPolicyReadWrite:
|
||||
// not supported, google only has owner role
|
||||
return gcsToObjectError(traceError(NotSupported{}), bucket)
|
||||
default:
|
||||
return gcsToObjectError(traceError(fmt.Errorf("Unknown policy: %s", policies[0].Policy)), bucket)
|
||||
return traceError(NotImplemented{})
|
||||
}
|
||||
|
||||
if err := acl.Set(l.ctx, storage.AllUsers, role); err != nil {
|
||||
@ -915,13 +909,10 @@ func (l *gcsGateway) GetBucketPolicies(bucket string) (policy.BucketAccessPolicy
|
||||
policyInfo := policy.BucketAccessPolicy{Version: "2012-10-17"}
|
||||
|
||||
for _, r := range rules {
|
||||
if r.Entity != storage.AllUsers {
|
||||
if r.Entity != storage.AllUsers || r.Role == storage.RoleOwner {
|
||||
continue
|
||||
}
|
||||
|
||||
switch r.Role {
|
||||
case storage.RoleOwner:
|
||||
return policy.BucketAccessPolicy{}, gcsToObjectError(traceError(NotSupported{}), bucket)
|
||||
case storage.RoleReader:
|
||||
policyInfo.Statements = policy.SetPolicy(policyInfo.Statements, policy.BucketPolicyReadOnly, bucket, "")
|
||||
case storage.RoleWriter:
|
||||
@ -936,7 +927,7 @@ func (l *gcsGateway) GetBucketPolicies(bucket string) (policy.BucketAccessPolicy
|
||||
func (l *gcsGateway) DeleteBucketPolicies(bucket string) error {
|
||||
acl := l.client.Bucket(bucket).ACL()
|
||||
|
||||
// this only removes the storage.AllUsers policies
|
||||
// This only removes the storage.AllUsers policies
|
||||
if err := acl.Delete(l.ctx, storage.AllUsers); err != nil {
|
||||
return gcsToObjectError(traceError(err), bucket)
|
||||
}
|
||||
|
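Review bot: In the GetBucketPolicies hunk, an `AllUsers` grant with `storage.RoleOwner` appears to be skipped by the widened `continue` condition instead of being rejected, so a bucket that gives anonymous users owner rights would be reported as having no public policy at all. The `+`/`-` markers are lost on this page, so this reading assumes `if r.Entity != storage.AllUsers || r.Role == storage.RoleOwner {` is the new line and the `case storage.RoleOwner:` return of `NotSupported{}` is the removed one. Because that is the most permissive public grant a bucket can carry, I would keep it visible to whoever audits the bucket, for example by logging the rule before the `continue`. At minimum the omission should be documented with a comment such as `// AllUsers owner grants have no S3 policy equivalent and are not reported here`. The body of GetBucketPolicies starts and ends outside the hunk, so any handling further down is not visible from here.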